Abstract
The Internet of Things (IoT) is a massively extensive environment that can manage many diverse applications. Security is critical due to potential malicious threats and the diversity of the connectivity. Devices can protect themselves and detect threats with an Intrusion Detection System (IDS). An IDS typically uses one of two approaches: anomaly-based or signature-based. This paper proposes a model (known as “AS-IDS”) that combines these two approaches to detect known and unknown attacks in IoT networks. The proposed model has three phases: traffic filtering, preprocessing and the hybrid IDS. In the first phase, the arriving traffic is filtered at the IoT gateway by matching packet features. The preprocessing phase then applies a Target Encoder, Z-score and Discrete Hessian Eigenmap (DHE) to encode, normalize and eliminate redundancy, respectively. In the final phase, the hybrid IDS integrates signatures and anomalies. The signature-based IDS subsystem investigates packets with a Lightweight Neural Network (LightNet), which uses Human Mental Search (HMS) for traffic clustering in the hidden layer and Boyer Moore to search for a particular signature in the output layer; the search is accelerated by the Generalized Suffix Tree (GST) algorithm. By matching the signatures, the subsystem classifies the attacks as intruder, normal or unknown. The anomaly-based IDS subsystem employs Deep Q-learning to identify unknown attacks, and uses Signal to Noise Ratio (SNR) and bandwidth to classify the attacks into five classes: Denial of Service (DoS), Probe, User-to-Root (U2R), Remote-to-Local (R2L), and normal traffic. New signatures are then generated for the detected packets using the Position Aware Distribution Signature (PADS) algorithm. The proposed AS-IDS is implemented in real-time traffic with the NSL-KDD dataset, and the results are evaluated in terms of Detection Rate (DR), False Alarm Rate (FAR), Specificity, F-measure and computation time.
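The preprocessing and signature-triage steps named in the abstract, as an added sketch that is not the authors' code: target encoding plus Z-score on connection records, then a Boyer-Moore search that routes traffic to intruder, normal or unknown (unknown being what the anomaly stage would receive). Matching on payload bytes, the field names, the sample rows and the signatures are constructed assumptions; the search uses only the bad-character rule (the Horspool variant of Boyer-Moore) and omits the GST acceleration, DHE and LightNet.

```python
from statistics import mean, pstdev

def target_encode(rows, col, label="attack"):
    """Replace a categorical column with the mean of the binary label per category."""
    groups = {}
    for r in rows:
        groups.setdefault(r[col], []).append(r[label])
    enc = {k: mean(v) for k, v in groups.items()}
    return [enc[r[col]] for r in rows]

def zscore(values):
    """Standardize to zero mean and unit variance; a constant column maps to 0."""
    mu, sigma = mean(values), pstdev(values)
    return [0.0 if sigma == 0 else (v - mu) / sigma for v in values]

def horspool_find(text: bytes, pat: bytes) -> int:
    """Boyer-Moore search using only the bad-character rule (Horspool variant)."""
    m, n = len(pat), len(text)
    if m == 0 or m > n:
        return 0 if m == 0 else -1
    shift = {b: m - 1 - i for i, b in enumerate(pat[:-1])}
    i = 0
    while i <= n - m:
        if text[i:i + m] == pat:
            return i
        i += shift.get(text[i + m - 1], m)  # skip ahead by the last aligned byte
    return -1

def triage(payload, attack_sigs, normal_sigs):
    """Signature stage: intruder or normal on a match, otherwise unknown."""
    if any(horspool_find(payload, s) >= 0 for s in attack_sigs):
        return "intruder"
    if any(horspool_find(payload, s) >= 0 for s in normal_sigs):
        return "normal"
    return "unknown"

# Constructed sample records (NSL-KDD-style field names; values are made up).
ROWS = [
    {"service": "http", "src_bytes": 200, "attack": 0},
    {"service": "http", "src_bytes": 300, "attack": 1},
    {"service": "telnet", "src_bytes": 100, "attack": 1},
    {"service": "ftp", "src_bytes": 400, "attack": 0},
]
ATTACK_SIGS = [b"SIG-ATTACK-PLACEHOLDER"]  # constructed placeholder signature
NORMAL_SIGS = [b"GET /status"]             # constructed benign signature
```

In a real deployment the target-encoding map and the Z-score mean and deviation are fitted on training traffic only and then reused on live traffic, so that labels never leak into the features being scored.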
About this article
Cite this article
Otoum, Y., Nayak, A. AS-IDS: Anomaly and Signature Based IDS for the Internet of Things. J Netw Syst Manage 29, 23 (2021). https://doi.org/10.1007/s10922-021-09589-6
DOI: https://doi.org/10.1007/s10922-021-09589-6